New research reported by the Commonwealth Scientific and Industrial Research Organisation’s Data61 Agency has revealed that almost half the world’s most popular and supposedly trustworthy websites are well short of ‘trustability’.
The data and digital specialist arm of Australia’s national science organisation, Data61, has quantified the extent to which the trust model of today’s World Wide Web is broken.
Leader of Information Security and Privacy Research at Data61, Dali Kaafar, said the researchers had found that around half of the internet’s most popular websites were at risk of malicious activity.
Professor Kaafar said this was because they depended on a chain of third parties to import external resources — such as advertisement providers, tracking and analytics services and content distribution networks — which were often required to load content.
“Almost all websites today are heavily embedded with tracking components,” Professor Kaafar said.
“For every website you visit, you could be unknowingly loading content from potentially malicious parties and leaving a trail of your internet activity.”
He said third parties could also load resources from other domains, creating a dependency chain of up to over 30 domains.
“The research found that the larger the dependency chain, the greater the threat to malicious activity,” he said.
Professor Kaafar, who is also Scientific Director of the Optus Macquarie University Cyber Security Hub, said that although this was a well-known web design decision, its implications for security and privacy were often overlooked.
“The potential threat should not be underestimated, as suspicious content loaded on browsers can open the way to further exploits including Distributed Denial of Service attacks which disrupt traffic to websites, and ransomware campaigns which cost the world more than $11.6 billion in 2018.”
He said resolving the security issue created by dependency chains would require additional research, the support of the World Wide Web Consortium, the predominant organisation focused on developing web standards, as well as web ‘hypergiants’.
A 12-page information paper setting out the research findings can be accessed at this PS News link.